By Alex Wukman
At this writing the various websites of the Westborro Baptist Church (WBC) have been down for over a week now and most people think they were initially taken down by members of the internet collective known worldwide as Anonymous; strangley that is not the case. On Thursday, February 24, a member of the group who goes by the twitter handle ATopiary appeared opposite Shirley Phelps Roper, a spokesperson for the WBC on the Massachusettes based internet and radio talk program the David Pakman Show.
The reason for the interview, aside from seeing what happens when the unstoppable force of Anonymous runs into the immovable object of WBC, was a report that had been making its way through the blogosphere that a faction of Anonymous had issued a threat to WBC. The press release was first posted to the opensource AnonNews.org website on February 16 and spent the better part of a week being reported or dismissed by nearly every tech blog in the Western Hemisphere.
However, during the Pakman interview ATopiary said that the threat against WBC didn’t come from Anonymous. “This press release came out of nowhere,” he tells Pakman. He goes on to suggest that the speed with which the WBC issued their own response, an unfortunately worded challenge to “bring it,” may mean that the whole affair was a false flag operation planned within the WBC. Around eight minutes into the discussion Atopiary tells Pakman that Anonymous posted a release to one of WBC’s sites.
Most media outlets jumped on the fact that Anonymous hacked the WBC sites during the middle of a live interview which, while pretty awesome, ignores the questions of who intially shut down the WBC sites, who is keeping them offline and why. The man who did that is a less well known, but in no ways less interesting, gray hat hacktivist who goes by the name th3j35t3r, or The Jester for those who don’t speak l33t.
In a January 2010 interview with Richard Steinman of Information Security Resources, Jester says he is an “ex-soldier with a rather famous unit, country purposely not specifed” and that he supported Special Forces operations and “served in (and around) Afghanistan amongst other places.” Citing an anonymous “former defense operative with knowledge of Special Forces activities” the New York Times reported that Jester is a former military contractor who worked on projects for the Special Operations Command.
Using a proprietary denial of service (DoS) program called XerXeS Jester can take a web site down in about two minutes and restore control in a matter of seconds. Jester first came to many internet watchers’ attention in late November 2010 when he launched a two to four gigabyte per second DoS attack on Wikileaks just prior to their release of thousands of classified documents. In video demonstrations shared with the IT website Infosec Island Jester demonstrated that, unlike Annonymous’ Low Orbit Ion Cannon (LOIC) which launches a distributed denial of service attack from thousands of computers, XerXeS can run effectively on a single low bandwidth device. He even recently tweeted that he has now refined the program to the point that he can take down a website from an android based cell phone.
Another key difference between XerXes and LOIC is anonymity, because LOIC doesn’t mask its users IP addresses they can be logged, which led to the arrests of five men in the UK in late January. It also led to Jester identifying some of the key members of Anonymous in December and posting their IP addresses on his blog. The existence of a small committee of approximately 10 to 12 people that determines Anonymous’ targets was confirmed by Brendan Greeley of The Economist and many of them later talked to the Guardian about the day-to-day to operations of the organization.
To try to correct the problems inherent in using LOIC, Anonymous released a new version of the program in early January that claimed to be able to hide a user’s IP. However, days after its release word broke on an out-of-the way blog that Jester had infected the file so that “it gives up paths, usernames, ip, MAC, sysinfo, everything.” Jester’s hack of Anonymous’ new and improved LOIC ws not the unprovoked attack of someone trying to make a name for himself.
Jester’s attack on Wikileaks, predicated on the belief that exposing the documents would put troops in harms’ way, brought him to the attention of Anonymous who spent weeks on internet relay chat channels trying to find ways to expose him. They even accused Robin Jackson, an IT professional for the State of Montanna’s Department of Labor and Industry as being The Jester, he vigorously denies the assertion. While it was the attack on Wikileaks that put him squarely in the sights of Anonymous, the info-dumping site was not his first target.
Beginning in January 2010 Jester started carrying out a one man cyber war. Through his twitter feed Jester announced that he had performed dozens of what he described as “surgical strikes” against “known jihadi propaganda, recruitment, training and co-ordination sites.” By In a June 2010 interview with German Newspaper Die Welt, that is translated and available on Jester’s blog, he says he attacks the sites “because they pose the single biggest threat to the actual physical world at large – rather than being just a threat limited solely to cyberspace itself.”
One of the better questions the reporter for Die Welt asked was why Jester seemed to be focusing on smaller sites instead of going after the most influential jihadi forums he replied that he believes by making smaller sites unreliable he is essentially “funnelling terrorists and potential terrorists away from peripheral sites and into a smaller space that is easier to monitor.” Whether that is true or not remains to be seen.